AWS Summit 2022: USA ensures “zero trust” is the primary strategy for combating cyber attacks

Share This Post

- Advertisement -

AWS Summit 2022: USA ensures that

- Advertisement -

Joe Biden signed an executive order last year to attack the cybersecurity problem. Photo by AP

- Advertisement -

The cyber attacks Governments have made headlines around the world over the past two years. With Peru and Costa Rica as the latest victims, information security has become a global concern of the president. And the topic didn’t escape the agenda at this year’s AWS Summit, one of the largest cloud computing conventions in the world.

There, Chris DeRusha, the head of cybersecurity in the United States, who oversees the observation behind Joe Biden, spoke and made sure that one of the keys to defending oneself from cybercriminals is to “no trust”: completely distrustful of anyone, even the officers themselves.

“One of the things we’re proud of in our department is we have a zero-trust policy, largely because we developed it together with the industry“, said DeRusha in an interview with the Chief of Information Security (CISOfor its acronym in English) of AWS, CJ Moses.

The expression (in English, “no trust”) refers to a method of manufacture which is assumed to be users need to authorize and continue to authenticate: Even government officials or company employees are considered potential attackers.

Chris DeRusha, CISO for Joe Biden.  Photo Press AWS

Chris DeRusha, CISO for Joe Biden. Photo Press AWS

There are many explanations, but most of all people can make mistakes, such as clicking on an email that contains phishing. Although one of the cases most concerned by state organizations is that of employees surrender credentials actively attacking cybercriminals.

This approach is consistent with the problem faced by some companies, which were victims of cyberattacks last year. One of the most notorious cybercriminal groups this year, slippery $: no own band ransomwarethat is, its software to steal and encrypt information (to demand ransom money), but instead works through social engineering.

According to what they posted on their forums, they are looking for employees who provide internal credentials from governments and companies. So they were able to break into giants like Nvidia and Samsung in the world and Mercado Libre and Globant in Argentina.

In this sense, panel experts indicated that the approach is relatively new. For this, DeRusha explained that at the state level they keep training, but taking the step to zero trust is something that takes time: “We don’t have a complete plan yet, it’s just the beginning. We’re acting as a federal government and we’re doing what we have to do to get to that first major. level of maturity in all services and dependencies ”of the State, he assured.

“We always do workshops (training) to implement this ‘zero trust’ policy and they have the most attendees ”, he added.

DeRusha, who also holds the position of National Director of Cybersecurity, acknowledged that one of the biggest challenges has to do with unity of work standards between various United States agencies.

“The key is to identify what common problems agencies have and think of new ways to solve those problems. It’s a big challenge, we’re not going to have a zero trust policy with all the dependencies inside. for two years, but we will make significant progress”, He explained.

Biden’s executive order

Joe Biden boosted cybersecurity after the Colonial Pipeline attack.  Photo by AP

Joe Biden boosted cybersecurity after the Colonial Pipeline attack. Photo by AP

In May 2021, the President of the United States, Joe Biden, signed an executive order to strengthen cybersecurity after the attack on the Colonial Pipeline, the largest oil pipeline network in the country. From this measure, his administration called for stricter security standards to prevent problems arising from that hack, which left the country with supply problems.

In this sense, DeRusha ensured that all State dependencies were focused on zero trust policy to comply with this executive order and described this change in mentality as the first step to prevent cyberattacks.

“One thing we’ve learned from talking to seasoned agents from divisions like the NSA and others is that when they have a solid level of maturity in all training areas, incidents drop significantly. In end of the day, that’s what we’re trying to do: make it better, because the risks of attacks will not go away. I think in a few years we can make significant progress. “

The United States has been one of the countries most affected by cybercrime in recent years, with cases such as the Colonial Pipeline in March 2021, with 70 GB of information stolen from energy company servers, or in the refrigerator of JBS in May last year, affected by ransomware.

These discussions took place at AWS Summit 2022, an annual convention hosted by Amazon Web Services, Amazon’s cloud computing division, in Washington.

There experts and members of various industries and public agencies working on AWS services meet to participate in discussions and present the latest in the field of cloud computing -related products and services.

The talk was attended by a large audience at the Washington Convention Center.  Photo Press AWS

The talk was attended by a large audience at the Washington Convention Center. Photo Press AWS

From Washington

Source: Clarin

- Advertisement -

Related Posts